package com.itheimajdbc;
import org.junit.Test;

import java.sql.*;

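// Demonstrates PreparedStatement: bound parameters keep a classic SQL-injection login bypass from working.
public class jdbcdemo_preparedStatememt {

    /**
     * Runs a login lookup with a PreparedStatement, using an injection-style
     * string as the password, and prints whether a matching row was found.
     *
     * <p>Both values are supplied through {@code setString}, so they are bound to
     * the {@code ?} placeholders as data and never concatenated into the SQL text.
     * The quote characters in the payload therefore cannot change the structure of
     * the {@code WHERE} clause; the payload is only compared against the
     * {@code password} column as a literal string.
     *
     * <p>All JDBC resources are opened in try-with-resources so they are released
     * even when the query throws.
     *
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    @Test
    public void testResultSet() throws Exception {
        // 1. Register the driver.
        Class.forName("com.mysql.cj.jdbc.Driver");

        // 2. Connection settings (for a local MySQL on the default port 3306 the URL can be shortened).
        // NOTE(review): root with a weak, hard-coded password is acceptable only for a
        // throwaway local demo database. Real code should connect as a least-privilege
        // account and read the credentials from configuration or a secret store.
        String url = "jdbc:mysql://localhost:3306/mysql";
        String username = "root";
        String password = "123456";

        // Simulated user input: a user name and the injection payload ('or'1' = '1) as the password.
        String name = "zhangsan";
        String pwd = "'or'1' = '1";

        // 3. The SQL text is a constant template; user input only ever fills the placeholders.
        // NOTE(review): the query compares the submitted password with the stored column
        // directly, which implies plaintext passwords in the table. A real login should
        // fetch a salted password hash by user name and verify it in application code.
        String sql = "select * from password where username =?and password =?";

        // The original also created a plain Statement that was never used or closed; it
        // is dropped here so that no statement handle is leaked.
        try (Connection conn = DriverManager.getConnection(url, username, password);
             PreparedStatement pstmt = conn.prepareStatement(sql)) {
            // 4. Bind the placeholder values (indexes are 1-based).
            // NOTE(review): Connector/J may do this binding client-side by escaping unless
            // the useServerPrepStmts connection property is enabled - confirm for your driver version.
            pstmt.setString(1, name);
            pstmt.setString(2, pwd);

            // 5. Execute the query.
            try (ResultSet rs = pstmt.executeQuery()) {
                // Prints the template only; the bound values are not part of this string.
                System.out.println(sql);

                // 6. A returned row means the user name / password pair matched.
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
        // 7. rs, pstmt and conn are closed automatically, in that order, by try-with-resources.
    }
}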